Vulnerabilities > Incorrect Permission Assignment for Critical Resource
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-16 | CVE-2023-27095 | Incorrect Permission Assignment for Critical Resource vulnerability in Opengoofy Hippo4J Insecure Permissions vulnerability found in OpenGoofy Hippo4j v.1.4.3 allows attacker toescalate privileges via the AddUser method of the UserController function in Tenant Management module. | 6.5 |
| 2023-02-23 | CVE-2023-24205 | Incorrect Permission Assignment for Critical Resource vulnerability in Clash Project Clash 0.20.12 Clash for Windows v0.20.12 was discovered to contain a remote code execution (RCE) vulnerability which is exploited via overwriting the configuration file (cfw-setting.yaml). | 9.8 |
| 2023-02-16 | CVE-2022-25992 | Incorrect Permission Assignment for Critical Resource vulnerability in Intel Oneapi-Cli Insecure inherited permissions in the Intel(R) oneAPI Toolkits oneapi-cli before version 0.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
| 2023-02-09 | CVE-2022-21939 | Incorrect Permission Assignment for Critical Resource vulnerability in Johnsoncontrols Metasys System Configuration Tool Sensitive Cookie Without 'HttpOnly' Flag vulnerability in Johnson Controls System Configuration Tool (SCT) version 14 prior to 14.2.3 and version 15 prior to 15.0.3 could allow access to the cookie. | 6.1 |
| 2023-02-08 | CVE-2023-25150 | Incorrect Permission Assignment for Critical Resource vulnerability in Nextcloud Richdocuments Nextcloud office/richdocuments is an office suit for the nextcloud server platform. | 5.7 |
| 2023-02-03 | CVE-2021-37304 | Incorrect Permission Assignment for Critical Resource vulnerability in Jeecg An Insecure Permissions issue in jeecg-boot 2.4.5 allows unauthenticated remote attackers to gain escalated privilege and view sensitive information via the httptrace interface. | 7.5 |
| 2023-02-03 | CVE-2021-37305 | Incorrect Permission Assignment for Critical Resource vulnerability in Jeecg An Insecure Permissions issue in jeecg-boot 2.4.5 and earlier allows remote attackers to gain escalated privilege and view sensitive information via api uri: /sys/user/querySysUser?username=admin. | 7.5 |
| 2023-02-03 | CVE-2021-37306 | Incorrect Permission Assignment for Critical Resource vulnerability in Jeecg An Insecure Permissions issue in jeecg-boot 2.4.5 and earlier allows remote attackers to gain escalated privilege and view sensitive information via api uri: api uri:/sys/user/checkOnlyUser?username=admin. | 7.5 |
| 2023-02-01 | CVE-2023-22326 | Incorrect Permission Assignment for Critical Resource vulnerability in F5 products In BIG-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, and all versions of BIG-IQ 8.x and 7.1.x, incorrect permission assignment vulnerabilities exist in the iControl REST and TMOS shell (tmsh) dig command which may allow an authenticated attacker with resource administrator or administrator role privileges to view sensitive information. | 4.9 |
| 2023-01-27 | CVE-2022-44715 | Incorrect Permission Assignment for Critical Resource vulnerability in Netscout Ngeniusone 6.3.2 Improper File Permissions in NetScout nGeniusONE 6.3.2 build 904 allows authenticated remote users to gain permissions via a crafted payload. | 8.8 |